New Blog Post | Microsoft Sentinel this Week - Issue #64

Microsoft
Happy Friday everyone!
 
This week marks the weekend just before the RSA conference kicks off.
I’ll be there. I leave for an early flight on Sunday around 4am. I’m already kicking myself knowing how tired I’ll be when I arrive in San Francisco. But Sunday is big and a fully scheduled day for me. So, no rest for the weary - as they say.
If any of you will be attending next week, feel free to hunt me down or look me up. I’ll be primarily in the Microsoft areas - the expo included. I won’t be hard to find. I’ll be the person sitting or standing next to a big stack of empty coffee cups.
And, if you happen to bring along a copy of the Must Learn KQL book (paperback or hardcover), I’ll be happy to sign it and sit around to talk Microsoft security.
Wouldn’t it be nice to be able to multi-select Microsoft Sentinel Analytics Rules templates in the UI and enable them all at once with a big Enable ALL button?
This is something that has been suggested for a long while and it still doesn’t exist yet.
You can help drive this feature. If you feel this is something that would provide value to you, drop out to the following link and vote-up the Uservoice suggestion. In just a few days this request has 44 votes and 9 comments, making it the 2nd most requested new feature ever. Let’s make it number 1!
Enable multiple analytics rules in the GUI https://cda.ms/4mN
The newsletter wouldn’t be complete it seems these days unless there’s a survey or two.
TJ Banasik and Lili Davoudian were on the Microsoft Security Insights show on Wednesday evening to talk about some of their recent Microsoft Sentinel Solutions releases. One of those is the Zero Trust solution for Microsoft Sentinel which is absolutely amazing and impactful.
Within the Workbook for this solution there’s a link to provide feedback. This is your chance to show your appreciation for TJ’s and Lili’s efforts just by participating to provide feedback.
Microsoft Sentinel: Zero Trust (TIC 3.0) Solution survey: https://cda.ms/4pr
I’m really looking forward to the RSA conference next week. But even more than the conference itself, I’m really looking forward to connecting with this community there and I’d be sad and disappointed if you didn’t make the effort to at least say “Hi.”
 
So, please, PLEASE look me up. I’ll be away from my family for the long week and your connection and conversation will help it go so much faster.
 
Talk soon.
 
0 Replies